Any new laws to prevent identity theft and mandate notification of data security breaches need to be uniform and consistent with procedures in other states, and flexible enough to allow compliance, said the American Insurance Association (AIA) Tuesday in testimony before the New York State Senate’s Consumer Protection and Investigations and Government Operations Committees.
“AIA and its member companies are committed to protecting the security of our customers’ personal information, which is collected and stored to serve their insurance needs,” said Gary Henning, AIA assistant vice president, northeast region.
Henning pointed out that insurers have already taken steps to protect customers’ personal information under guidelines provided by the federal Gramm Leach Bliley Act and the New York Insurance Department’s Regulation 173, which became a national model.
“Should the legislature determine that additional laws on this issue are needed, AIA urges that uniformity and consistency among states be considered. For companies that operate on a national basis varying standards can be a compliance nightmare that adds significant costs, which may be passed on to consumers,” said Henning.
AIA also said any legislation should allow flexibility to provide notice in the most efficient means possible, including telephone notification. New legislation should not create private rights of action and penalties should be targeted at criminals who improperly access information and not companies that have made a good faith effort to protect that information.
Was this article valuable?
Here are more articles you may enjoy.